The present invention relates to smart card security and more particularly to a system and method of biometric authentication of a smart card user.
Authentication is the process by which an entity, such as a financial institution or bank or other type of institution, identifies and verifies its customers or users to itself and itself to its customers or users. Authentication includes the use of physical objects, such as cards and/or keys, shared secrets, such as personal identification numbers (PINs) and/or passwords, and biometric technologies, such as voice prints, photos, signatures and/or fingerprints. Biometric tasks include, for example, an identification task and a verification task. The verification task determines whether or not the individual claiming an identity is the individual whose identity is being claimed. The identification task determines whether the biometric signal, such as a fingerprint, matches that of someone already enrolled in the system.
Typically, biometric systems have a common methodology, regardless of their modality, such as fingerprint, face, voice, or the like. A person enrolls by donating some number of samples of the biometric. From these samples, the biometric system creates a model of the particular individual's patterns, which is referred to as a template. When the person attempts to access the system, the application collects new data. In a verification application, the individual claims an identity, and the application retrieves the individual's model from a database and compares the new signal to the retrieved model. The result of this comparison is a match score, which indicates how well the new signal matches the template. The application then compares the match score obtained with a pre-defined threshold and decides whether to allow or deny access to the individual or, for example, to ask the individual for more data.
Various authentication parameters are used by security systems to verify a valid cardholder and to grant the cardholder access to a secured resource. Information parameters, such as PINs, can be readily read and processed by a card reader according to a system verification algorithm. However, information can be compromised, so that many authentication systems also require person-unique biometric parameters, such as fingerprints, or retinal images. In such authentication systems, cardholder bio-specimens are stored in digital format in the system computer. During authentication the system obtains the information parameters, for example, from the card, and the biometric parameters from the person and matches both to the system-stored values. For a fingerprint, for example, there are fourteen points and interpoint distances that the biometric reader compares and, depending on the match score, grants or denies access.
The required match score is a function of a pre-selected security level and is set by the application designer. However, the image acquisition tolerances, as well as changes in the person's biometric parameter, such as a finger cut on the referenced fingerprint, cause false acceptances, such as accepting an impostor (False Accept or FA), and false rejections, such as rejecting a valid user (False Reject or FR). Manufacturers of biometric readers or application developers provide performance histograms, which are distributions of the empirical number of valid acceptances and valid rejections provided by the reader. To the extent the distributions overlap, there are regions of false rejections of valid users or FR and false acceptance of impostors or FA. In setting the system parameters, application designers attempt to set a threshold authentication match score which balances these tolerances against efficiency for a given application.
The selected threshold match score is based on the desired probability of occurrence or non-occurrence of a FA and/or FR, and the performance histograms quantify the probability of occurrence of FA and FR. These probabilities are inverse, in that by increasing the threshold score to reduce the Probability of FA or P(FA), the Probability of FR or P(FR) is increased. Conversely, decreasing the threshold to reduce the Probability of FR or P(FR) increases the Probability of FA or P(FA).
In a given application the selected threshold is coded into the reader software, and system performance is observed. If actual system efficiency is unacceptable due to a False Reject Rate (FRR) that is too high, the threshold score is reduced, and if unacceptable due to a False Accept Rate (FAR) that is too high, the threshold is increased. Each time the threshold score changes, it must be re-coded into the reader system software. Similarly, with each new reader model or new release, the threshold score must be changed in accordance with the new model histograms and possibly changed again following actual performance evaluation. Each re-coding of the threshold value generally requires a new system software release, together with the time and labor required to install the new software.
It is a feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which automatically adjusts the probability of occurrence or non-occurrence of false acceptance of an impostor and false rejection of a valid user without the necessity of reprogramming the reader system software.
It is a further feature and advantage of the present invention to provide a system and method of biometric smart card user authentication in which the performance of the biometric technology is independent of where the system positions the threshold for false acceptance and false rejection.
It is another feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which makes the card application more secure, thereby reducing the risk of fraudulent or unauthorized use and allowing for higher-value applications.
It is an additional feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which simplifies application design requirements by putting the user's biometric template on the card, thereby eliminating or greatly reducing network traffic.
It is still another feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which enhances security and privacy by eliminating the necessity of transmitting the user's biometric template around to different locations where it is needed.
It is a still further feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which allows application designers to set operating thresholds as tightly or as loosely as is appropriate for the particular risk involved.
It is also a feature and advantage of the present invention to provide a system and method of biometric smart card user authentication with a flexible architecture format for storing biometrics on the smart card that is independent of application or biometric methodology or vendor.
It is still an additional feature and advantage of the present invention to provide a system and method of biometric smart card user authentication which supports different methods, vendors, and releases, and allows for flexibility of application deployment.
It is another feature and advantage of the present invention to provide a system and method of biometric smart card user authentication in which the user is automatically authenticated by an application on the smart card.
It is an additional feature and advantage of the present invention to provide a method and system of biometric smart card user authentication in which the customer's use of the smart card in a transaction ties the customer undeniably to the transaction and makes the transaction non-repudiable.
To achieve the stated and other features, advantages and objects of the present invention, the system and method for authenticating a smart card user at a reader device of an embodiment of the present invention includes storing information fields for the user on the smart card relating to biometric information for the user, also referred to as a biometric template. The biometric template includes at least one model of biometric patterns for the user, such as the user's voice print, photograph, signature, fingerprint, hand geometry, retinal image or iris scan. The information fields also include a table of pre-defined probability of occurrence values for user authentication, as well as personal data for the user, identification of a biometric system, and a hashed data field. The information fields are stored in an application on a microprocessor of the smart card.
In an embodiment of the present invention, storing the information fields relating to the table of pre-defined probability of occurrence values involves automatically assigning a probability of occurrence value to each of a plurality of pre-defined range limit values, which are automatically identified for each of a plurality of value ranges of biometric reader device match scores. Identifying the range limit values involves automatically tabulating a performance histogram distribution of biometric reader device match scores for false acceptance of an impostor and false rejection of a valid user into a plurality of value ranges. Tabulating the performance histogram distribution involves automatically quantifying the performance histogram into discrete levels of biometric reader device match scores and automatically assigning the probability of occurrence value for each of the discrete levels of the biometric reader device match scores.
In an embodiment of the present invention, the smart card, together with a biometric sample for the user, are presented to the reader device, which is associated with a terminal, such as at least one of an area access terminal, a computer network terminal, a computer access terminal, a stored value terminal, a monetary access terminal, a PBX terminal, a long distance terminal, a personal computer, a laptop computer, a personal digital assistant, a public internet terminal, and an automated teller machine. The presented biometric sample is, for example, at least one of a voice print, photograph, signature, fingerprint, hand geometry, retinal image, and an iris scan.
In an embodiment of the present invention, the user is automatically authenticated by the reader device based at least in part on a match level between the stored biometric information and the presented biometric sample according to a desired probability of occurrence value from the stored table. The desired probability of occurrence value is pre-selected by pre-defining a desired probability of occurrence value for false acceptance of an impostor and false rejection of a valid user and pre-defining an instruction set which directs the reader device to look to the stored table of probability of occurrence values for a false acceptance of an impostor and false rejection of a valid user threshold match score corresponding to the desired probability of occurrence value. The user authentication is performed by an application associated with the reader device and residing on the reader device and/or the terminal.
Alternatively, in an embodiment of the present invention, in order to provide enhanced security, the user is automatically authenticated by an application on the smart card. For example, the reader device reads the presented biometric sample and automatically presents what is read by the reader device to the smart card application. The smart card application then authenticates the user according to the threshold match score from the table on the smart card application that corresponds to the desired probability of occurrence value.
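The tabulation and table lookup described above can be sketched as follows. This is an added example, not code from the patent: the histogram counts are constructed sample data, and the names build_table, threshold_for and authenticate are hypothetical. It shows that a different desired probability of false acceptance selects a different threshold from the stored table without any change to the reader code.

```python
# Constructed sample data (not from any real reader): number of match
# attempts per discrete match-score level 0..9 for valid users and impostors.
GENUINE = [0, 0, 1, 2, 5, 10, 20, 30, 22, 10]   # 100 valid-user attempts
IMPOSTOR = [25, 30, 20, 12, 8, 3, 1, 1, 0, 0]   # 100 impostor attempts


def build_table(genuine, impostor):
    """Tabulate both histograms into rows of (threshold, P(FA), P(FR)).

    A match score at or above the threshold is accepted, so P(FA) is the
    share of impostor scores >= threshold and P(FR) is the share of
    valid-user scores < threshold.
    """
    g_total, i_total = sum(genuine), sum(impostor)
    table = []
    for t in range(len(genuine) + 1):
        p_fa = sum(impostor[t:]) / i_total
        p_fr = sum(genuine[:t]) / g_total
        table.append((t, p_fa, p_fr))
    return table


def threshold_for(table, max_p_fa):
    """Return the lowest-threshold row whose P(FA) does not exceed max_p_fa.

    Picking the lowest qualifying threshold keeps P(FR) as small as the
    requested P(FA) allows.
    """
    for row in table:
        if row[1] <= max_p_fa:
            return row
    raise ValueError("no threshold in the table meets the requested P(FA)")


def authenticate(table, match_score, max_p_fa):
    """Accept the user if the match score reaches the looked-up threshold."""
    threshold, _, _ = threshold_for(table, max_p_fa)
    return match_score >= threshold


if __name__ == "__main__":
    table = build_table(GENUINE, IMPOSTOR)
    for desired in (0.05, 0.01):
        t, p_fa, p_fr = threshold_for(table, desired)
        print(f"desired P(FA)<={desired}: threshold={t} P(FA)={p_fa} P(FR)={p_fr}")
    # The same match score passes at the looser setting and fails at the tighter one.
    print(authenticate(table, 6, 0.05), authenticate(table, 6, 0.01))
```

With this sample data, tightening the desired P(FA) from 0.05 to 0.01 raises the threshold from 5 to 7 and raises P(FR) from 0.08 to 0.38, which is the inverse relationship the background section describes.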
Additional objects, advantages and novel features of the present invention will be set forth in part in the description which follows, and in part will become more apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention.